You cannot select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
223 lines
5.4 KiB
PHTML
223 lines
5.4 KiB
PHTML
8 months ago
|
<?php
|
||
|
/**
|
||
|
* REST api helper.
|
||
|
*
|
||
|
* @since 1.0.15
|
||
|
* @package RankMath
|
||
|
* @subpackage RankMath\Rest
|
||
|
* @author Rank Math <support@rankmath.com>
|
||
|
*/
|
||
|
|
||
|
namespace RankMath\Rest;
|
||
|
|
||
|
use WP_Error;
|
||
|
use RankMath\Helper;
|
||
|
|
||
|
defined( 'ABSPATH' ) || exit;
|
||
|
|
||
|
/**
|
||
|
* Rest_Helper class.
|
||
|
*/
|
||
|
class Rest_Helper {
|
||
|
|
||
|
/**
|
||
|
* REST namespace.
|
||
|
*
|
||
|
* @var string
|
||
|
*/
|
||
|
const BASE = 'rankmath/v1';
|
||
|
|
||
|
/**
|
||
|
* Determines if the current user can manage options.
|
||
|
*
|
||
|
* @return true
|
||
|
*/
|
||
|
public static function can_manage_options() {
|
||
|
return current_user_can( 'manage_options' );
|
||
|
}
|
||
|
|
||
|
/**
|
||
|
* Checks whether a given request has permission to update redirection.
|
||
|
*
|
||
|
* @param WP_REST_Request $request Full details about the request.
|
||
|
*
|
||
|
* @return true|WP_Error True if the request has read access, WP_Error object otherwise.
|
||
|
*/
|
||
|
public static function get_redirection_permissions_check( $request ) {
|
||
|
if ( ! Helper::is_module_active( 'redirections' ) || ! Helper::has_cap( 'redirections' ) ) {
|
||
|
return new WP_Error(
|
||
|
'rest_cannot_edit',
|
||
|
__( 'Sorry, you are not allowed to create/update redirection.', 'rank-math' ),
|
||
|
[ 'status' => rest_authorization_required_code() ]
|
||
|
);
|
||
|
}
|
||
|
|
||
|
return true;
|
||
|
}
|
||
|
|
||
|
/**
|
||
|
* Checks whether a given request has permission to read types.
|
||
|
*
|
||
|
* @param WP_REST_Request $request Full details about the request.
|
||
|
*
|
||
|
* @return true|WP_Error True if the request has read access, WP_Error object otherwise.
|
||
|
*/
|
||
|
public static function get_object_permissions_check( $request ) {
|
||
|
$object_id = $request->get_param( 'objectID' );
|
||
|
$object_type = $request->get_param( 'objectType' );
|
||
|
|
||
|
if ( in_array( $object_type, [ 'post', 'term', 'user' ], true ) ) {
|
||
|
$method = "get_{$object_type}_permissions_check";
|
||
|
return self::$method( $request );
|
||
|
}
|
||
|
|
||
|
return false;
|
||
|
}
|
||
|
|
||
|
/**
|
||
|
* Checks whether a given request has permission to read post.
|
||
|
*
|
||
|
* @param WP_REST_Request $request Full details about the request.
|
||
|
*
|
||
|
* @return true|WP_Error True if the request has read access, WP_Error object otherwise.
|
||
|
*/
|
||
|
public static function get_post_permissions_check( $request ) {
|
||
|
$post = self::get_post( $request->get_param( 'objectID' ) );
|
||
|
if ( is_wp_error( $post ) ) {
|
||
|
return $post;
|
||
|
}
|
||
|
|
||
|
if ( 'rank_math_locations' === $post->post_type ) {
|
||
|
return true;
|
||
|
}
|
||
|
|
||
|
if ( ! Helper::is_post_type_accessible( $post->post_type ) && 'rank_math_schema' !== $post->post_type ) {
|
||
|
return new WP_Error(
|
||
|
'rest_cannot_edit',
|
||
|
__( 'Sorry, you are not allowed to edit this post type.', 'rank-math' ),
|
||
|
[ 'status' => rest_authorization_required_code() ]
|
||
|
);
|
||
|
}
|
||
|
|
||
|
$post_type = get_post_type_object( $post->post_type );
|
||
|
|
||
|
if (
|
||
|
current_user_can( $post_type->cap->edit_post, $post->ID ) ||
|
||
|
current_user_can( $post_type->cap->edit_others_posts )
|
||
|
) {
|
||
|
return true;
|
||
|
}
|
||
|
|
||
|
return new WP_Error(
|
||
|
'rest_cannot_edit',
|
||
|
__( 'Sorry, you are not allowed to edit this post.', 'rank-math' ),
|
||
|
[ 'status' => rest_authorization_required_code() ]
|
||
|
);
|
||
|
}
|
||
|
|
||
|
/**
|
||
|
* Get the post, if the ID is valid.
|
||
|
*
|
||
|
* @param int $id Supplied ID.
|
||
|
*
|
||
|
* @return WP_Post|WP_Error Post object if ID is valid, WP_Error otherwise.
|
||
|
*/
|
||
|
public static function get_post( $id ) {
|
||
|
$error = new WP_Error(
|
||
|
'rest_post_invalid_id',
|
||
|
__( 'Invalid post ID.', 'rank-math' ),
|
||
|
[ 'status' => 404 ]
|
||
|
);
|
||
|
|
||
|
if ( (int) $id <= 0 ) {
|
||
|
return $error;
|
||
|
}
|
||
|
|
||
|
$post = get_post( (int) $id );
|
||
|
if ( empty( $post ) || empty( $post->ID ) ) {
|
||
|
return $error;
|
||
|
}
|
||
|
|
||
|
return $post;
|
||
|
}
|
||
|
|
||
|
/**
|
||
|
* Checks whether a given request has permission to read term.
|
||
|
*
|
||
|
* @param WP_REST_Request $request Full details about the request.
|
||
|
*
|
||
|
* @return true|WP_Error True if the request has read access, WP_Error object otherwise.
|
||
|
*/
|
||
|
public static function get_term_permissions_check( $request ) {
|
||
|
$term = self::get_term( $request->get_param( 'objectID' ) );
|
||
|
if ( is_wp_error( $term ) ) {
|
||
|
return $term;
|
||
|
}
|
||
|
|
||
|
if ( ! in_array( $term->taxonomy, array_keys( Helper::get_accessible_taxonomies() ), true ) ) {
|
||
|
return new WP_Error(
|
||
|
'rest_cannot_edit',
|
||
|
__( 'Sorry, you are not allowed to edit this term.', 'rank-math' ),
|
||
|
[ 'status' => rest_authorization_required_code() ]
|
||
|
);
|
||
|
}
|
||
|
|
||
|
return true;
|
||
|
}
|
||
|
|
||
|
/**
|
||
|
* Get the term, if the ID is valid.
|
||
|
*
|
||
|
* @param int $id Supplied ID.
|
||
|
*
|
||
|
* @return WP_Term|WP_Error Term object if ID is valid, WP_Error otherwise.
|
||
|
*/
|
||
|
public static function get_term( $id ) {
|
||
|
$error = new WP_Error(
|
||
|
'rest_term_invalid_id',
|
||
|
__( 'Invalid term ID.', 'rank-math' ),
|
||
|
[ 'status' => 404 ]
|
||
|
);
|
||
|
|
||
|
if ( (int) $id <= 0 ) {
|
||
|
return $error;
|
||
|
}
|
||
|
|
||
|
global $wpdb;
|
||
|
$term = $wpdb->get_row( $wpdb->prepare( "SELECT t.* FROM $wpdb->term_taxonomy AS t WHERE t.term_id = %d LIMIT 1", $id ) );
|
||
|
if ( empty( $term ) || empty( $term->term_id ) ) {
|
||
|
return $error;
|
||
|
}
|
||
|
|
||
|
return $term;
|
||
|
}
|
||
|
|
||
|
/**
|
||
|
* Checks whether a given request has permission to read user.
|
||
|
*
|
||
|
* @param WP_REST_Request $request Full details about the request.
|
||
|
*
|
||
|
* @return true|WP_Error True if the request has read access, WP_Error object otherwise.
|
||
|
*/
|
||
|
public static function get_user_permissions_check( $request ) {
|
||
|
return Helper::get_settings( 'titles.author_add_meta_box' );
|
||
|
}
|
||
|
|
||
|
/**
|
||
|
* Param emptiness validate callback.
|
||
|
*
|
||
|
* @param mixed $param Param to validate.
|
||
|
*
|
||
|
* @return boolean
|
||
|
*/
|
||
|
public static function is_param_empty( $param ) {
|
||
|
if ( empty( $param ) ) {
|
||
|
return new WP_Error(
|
||
|
'param_value_empty',
|
||
|
esc_html__( 'Sorry, field is empty which is not allowed.', 'rank-math' )
|
||
|
);
|
||
|
}
|
||
|
return true;
|
||
|
}
|
||
|
}
|